If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Getting Around HTTP basic auth...

Hello, I was wondering if there was a way around http basic authentification that doesn't involve packet sniffing?

Lets say I want to get into the web browser menu for a router so I can change (remove) a network key phrase and get access to a simple wep "secured" network...

I dont want to be just another script kiddie if at all possible, and was wondering if there was a way to write a C based program to do such things.

I am really new to this and know how to get around it using air snort tools and *nix but my laptop came with a built in intel based wireless network card (which isn't supported by any tool lol) and dont want to spend money on a usb wireless setup.

maybe I am overlooking something that is very simple, any help would be great thanks.

Yeah, you're overlooking asking the admin for permission to access the network, and the key.

If you're too cheap to spend even $40 on a wifi card... too bad.

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

You didn't say that it was your router. That changes a things a bit since you have physical access to the router. I didn't consider my answer to be a smart ass comment, either. It was a legit response to your question. Even if you didn't want to hear it.

You could press the reset button on the back of the router to default the password. Custom firmware, such as the dd-wrt firmware has an option to disable this reset button. Although, you can typically short out two pins on the mainboard of the router to trigger the reset button.

Or, you could add a serial port to the wrt54g. Log in via "console". It's just a linux OS running on that thing. Then edit the password file.

Actually, goto securityfocus.com and look for the wrt54g vulnerabilities. There is no shortage of them. Keep in mind that there are at least 6 physical versions of that router... and dozens of firmware versions for all of them.

Last edited by phishphreek; October 13th, 2007 at 04:21 PM.

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Sorry, it was around 2 in the morning and I was a lil cranky considering i had like 50 views and no responses....

Thank you though, this info is very useful! I was wondering if I could get around it without physical access though

I guess what I am trying to ask is does anyone think that a C based program could be written to "get around" the http (basic auth) on a web browser, I just started learning the language and know advanced http, java, and a few other languages... I was just looking for a project, and wanted to know if its even plausable.

If you want, you can download the firmware source code (GPL) and inspect it for vulnerabilities. Then maybe you can create some C based program to exploit that vulnerability (if you find one). Or, maybe you can modify the firmware to include the http auth bypass backdoor for your router, compile the code and update your router with the backdoored firmware. I can't imagine why you'd actually want to do this though...

Keep in mind that there are many different versions of these wrt54g routers. They are up to version 8 now. They each have different firmware versions becase they have different hardware implementations. Some of the newer routers don't look like they are using the GPL'd code... but I only looked quickly. I have several of them, but mine are all version 2 or 2.2.

Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.